At 12:58 AM 08/11/2002 -0700, Lucky Green wrote:
BTW, does anybody here know if there is still an email time stamping
server in operation? The references that I found to such servers appear
to be dead.
The canonical timestamping system was Haber Stornetta's work at
Bellcore, commercialized at
On Tue, 13 Aug 2002, James A. Donald wrote:
To me DRM seems possible to the extent that computers themselves
are rendered tamper resistant -- that is to say rendered set top
boxes not computers, to the extent that unauthorized personnel are
prohibited from accessing general purpose
On Mon, 12 Aug 2002, AARG! Anonymous wrote:
It is clear that software hacking is far from almost trivial and you
can't assume that every software-security feature can and will be broken.
Anyone doing security had better assume software can and will be
broken. That's where you *start*.
On Mon, 12 Aug 2002, AARG! Anonymous wrote:
His analysis actually applies to a wide range of security features,
such as the examples given earlier: secure games, improved P2P,
distributed computing as Adam Back suggested, DRM of course, etc..
TCPA is a potentially very powerful security
AARG! Anonymous wrote:
His description of how the Document Revocation List could work is
interesting as well. Basically you would have to connect to a server
every time you wanted to read a document, in order to download a key
to unlock it. Then if someone decided that the document needed
to
David wrote:
AARG! Anonymous wrote:
His description of how the Document Revocation List could work is
interesting as well. Basically you would have to connect to
a server
every time you wanted to read a document, in order to
download a key to
unlock it. Then if someone decided that
- Original Message -
From: AARG! Anonymous [EMAIL PROTECTED]
[brief description of Document Revocation List]
Seth's scheme doesn't rely on TCPA/Palladium.
Actually it does, in order to make it valuable. Without a hardware assist,
the attack works like this:
Hack your software (which is
Seth Schoen of the EFF has a good blog entry about Palladium and TCPA
at http://vitanuova.loyalty.org/2002-08-09.html. He attended Lucky's
presentation at DEF CON and also sat on the TCPA/Palladium panel at
the USENIX Security Symposium.
Seth has a very balanced perspective on these issues
It reminds me of an even better way for a word processor company to make
money: just scramble all your documents, then demand ONE MILLION DOLLARS
for the keys to decrypt them. The money must be sent to a numbered
Swiss account, and the software checks with a server to find out when
the
